IMHO, the antivirus makers deserve even less credit than we give them. They have been demonstrating their competence, so why is their software a bloated mess that slows computers to a crawl and still lets through unsophisticated crapware like the fake antivirus stuff?
My biggest problem with all this media is that with knowledge of how it works, and having control of the C&C software, none of those idiots are just saying "For a day let's spoof all of their update centers and spam suicide signal to anyone who comms during that day." Which would kill a majority if not ALL of the virus out there.
Another option is to not sit around proudly on their C&C centers, but that's an obvious start on reversing them as well as a relay point for data. Finding WHAT data EXACTLY they're hunting is the first step in finding who is doing it.
> My biggest problem with all this media is that with knowledge of how it works, and having control of the C&C software, none of those idiots are just saying "For a day let's spoof all of their update centers and spam suicide signal to anyone who comms during that day." Which would kill a majority if not ALL of the virus out there.
It should be pointed out that they're not actually allowed to do that. As silly as it sounds, controlling another person's computer without their permission is illegal, no matter the reason. The best they can do is take over the /entire/ C&C chain, a monumental task, and then not send any commands to the infected machines, thereby rendering the virus inert.
I'll read it but know this, and I'm willing to sign a document to the effect publicly, regardless of it's damage to my reputation.
If a virus was spreading and I could counter it (especially without writing my own virus just for that) then my first action would be to do so and document it well.
A doctor would be clapped for, if he/she diagnosed an illness and treated someone. There would be some mumblings of doubt but who would take action against good will and humanitarianism?
If a mechanic saw someone's break lines cut, isn't it their duty just the same to use their information to help people?
We can't learn everything in life, we specialize. Society is no good if we don't use our differed knowledge in tandem with one another. As a specialist if you're not willing to help people with your knowledge then likely you're just a specialist for the purpose of profit, not passion. With that said, perhaps you should reconsider a few things.
I remember encountering this same issue back during the Code Red/nimda worm days. When my webserver would get hit with the query string that demonstrated an infected machine trying to find another victim, I would fire off a callback to that machine exploiting the same vector that would reboot it in the hopes that someone would notice their machine was infected.
I knew I was technically in violation of the law (contra certain amusing "self-defense" rationalizations) however.
I don't now much about Flame, but I would assume that messages are sent using public-key cryptography in such a way that they can't be spoofed. Maybe a replay attack would be possible though.
You don't spoof the messages, you spoof the destinations.
In a closed system if you can get ahold of the destination as they have, you can redirect everything else to that center temporarily and just let it keep spamming suicide modules. If it's still confusing I can try to explain it better.
